Be careful about what you download on your smartphone.
Just this weekend, a security risk was highlighted involving a paid app on the Google Play Store that masquerades as a genuine Samsung app. The app claims to update your smartphone’s firmware, but once it is installed the user is simply redirected to a website full of ads and is automatically signed up for a subscription plan.
Some users have been fooled into entering their credit card numbers on the app, whereas standard apps use the Google Play Store to handle subscriptions. Additionally, firmware updates from Samsung (or from any other brand for that matter) are supposed to be free and are done through an app or the Settings menu of your Android device.
What’s worrying is that the app appeared on the Google Play Store, meaning that it was supposed to have been tested for security issues before it was published. Google has already removed the app, but not before it was downloaded more than 10 million times.
Other users who have downloaded the app also reported that their devices have become unstable, with some saying that their devices have suffered reboots along with overheating and other random issues.
While some are vigilant enough to know that this app is fake, some are still easily fooled since the name and the design can be confusing for someone not familiar with how updates work.
If you installed the app, uninstall it now and download anti-virus software to scan your Android device for any potential malware. If you’re still not convinced, formatting your device is the best way to clean it, though you may have to restore all apps and data, so make sure you have a backup. If you entered your credit card number, be on the lookout for unwanted charges and check with your bank immediately in case you incur one.
A detailed overview of how the malware duped millions of Android users can be read on the CSIS TechBlog.